Configuring Clients and the rcd.conf File

This section will cover client configuration in greater detail, and explain the configuration files for rcd.

If you prefer to use a configuration file rather than a series of commands to configure your client machines, you will need to create an /etc/ximian/rcd.conf file and a /var/lib/rcd/services.xml file. The first file is only a few lines long, and will look something like a Windows INI file. It has one or more sections, denoted with square brackets: [Section]. Each section contains one or more tokens, set to equal a particular value: token=value.

The services.xml file is not designed for hand-editing. If you prefer, you can create the file by configuring a single client, and then copy it to additional machines. You can use the commands rug service-list, rug service-add, and rug service-delete to display, add to, and delete from the list of servers your client will access.

The rcd.conf format is similar to the other configuration files you will encounter in the rest of the product. In particular, the configuration file for rcmirror is similar, although larger and more complex.

You can change the settings reflected in the rcd.conf file using the rug set and rug get commands. However, if you prefer to do things the old-fashioned way, you can edit the file yourself:

1. Open a text editor such as emacs, vi, or gedit.
2. Enter [Network] to designate a section about the network.
3. Enter the token require-verified-certificates. Set it to true if you have purchased or generated an SSL certificate for your ZENworks Linux Management server, and false otherwise (Security, Signatures, and Certificates has instructions on installing an SSL certificate.) Changing this line is the same as using the command rug set require-verified-certificates false (or true).
4. If you do not wish to use package signatures, set the token require-signatures to false. To use package signatures for packages not shipped by Ximian, you must add the public key to each client's rcd-specific keyring. This is generally impractical, as there is no convenient way to access the rcd keyring through rug. If you plan on shipping software that is not provided by Ximian, it is best to check package signatures before you add them to your server, and then rely on client authentication and SSL certificates to secure the communications between your clients and your server.
5. For maximum security, add a [System] section with the line remote-enabled=false. This forces all client applications to be run from the local machine. If you wish to allow remote connections, note that, by default, they occur over port 505 if initiated by the server, and over port 443 for standard SSL connections.

To check your current settings, run the command rug get, or check the rcd.conf man page for a list of all the settings you can set.

A very simple file could look like this:

[Network]  
require-verified-certificates=false  
 
[Cache] enabled=true

A more complex file might look like this:

[Network]  
require-verified-certificates=false  
 
[Cache]  
enabled=true  
 
[System]  
cache-cleanup=true  
cache-size-in-mb=500 debug-level=1  
repackage=false  
syslog-level=1  
 
[Server]  
remote-enabled=false

rcd versions 1.5 and later support multiple servers, and store server information in the file /var/lib/rcd/services.xml. Earlier versions supported only one server and stored the information in rcd.conf. To get a list of currently available servers, enter the command rug services-list.

If services.xml does not exist, rcd reads the server from the host line of rcd.conf and create services.xml.

Once services.xml has been created, changes to rcd.conf do not affect the server accessed by the daemon.